Python for PAM is fine for exploring, but it's a bad idea for "serious" modules.
That's because your PAM module might be called within the context of another Python interpreter. That might not be in a state that can run your code.
Even libc++ for C++ can cause issues.
Ideally, PAM should just die and be replaced by a simple network service on the DBUS. PolKit is actually pretty decent, although its choice of the language sucks.
Existing PAM modules implement certain login session setup procedures which have to be performed from within the calling process. (Writing to /proc/self/loginuid, for example.) That part is going to be difficult to replace because I don't think we have the required kernel interfaces today that would permit performing this step from the outside (perhaps using a file descriptor obtained via SO_PEERPIDFD?).
Python for PAM is fine for exploring, but it's a bad idea for "serious" modules.
That's because your PAM module might be called within the context of another Python interpreter. That might not be in a state that can run your code.
Even libc++ for C++ can cause issues.
Ideally, PAM should just die and be replaced by a simple network service on the DBUS. PolKit is actually pretty decent, although its choice of the language sucks.
Existing PAM modules implement certain login session setup procedures which have to be performed from within the calling process. (Writing to /proc/self/loginuid, for example.) That part is going to be difficult to replace because I don't think we have the required kernel interfaces today that would permit performing this step from the outside (perhaps using a file descriptor obtained via SO_PEERPIDFD?).
Pam as in PAM (Pluggable Authentication Module) for Linux - and other Unixes that have long been forgotten :)